#
# %CopyrightBegin%
# 
# Copyright Ericsson AB 1997-2016. All Rights Reserved.
# 
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# 
# %CopyrightEnd%
#
#

# Port: The port the standalone listens to. For ports < 1023, you will
# need httpd to be run as root initially.

Port 8888

# BindAddress: This directive is used to tell the server which IP address
# to listen to. It can either contain "*", an IP address, or a fully
# qualified Internet domain name.
# 
# It is also possible to specify the ip-family with the directive.
# There ar three possible value: inet, inet6 and inet6fb4
# inet:     Use IpFamily inet when retreiving the address and
#           fail if that does not work.
# inet6:    Use IpFamily inet6 when retreiving the address and
#           fail if that does not work.
# inet6fb4: First IpFamily inet6 is tried and if that does not work, 
#           inet is used as fallback. 
# Default value for ip-family is inet6fb4
# 
# The syntax is: <address>[|<ip-family>]
#
#BindAddress *
#BindAddress *|inet


# ServerName allows you to set a host name which is sent back to clients for
# your server if it's different than the one the program would get (i.e. use
# "www" instead of the host's real name).
#
# Note: You cannot just invent host names and hope they work. The name you 
# define here must be a valid DNS name for your host. If you don't understand
# this, ask your network administrator.

#ServerName your.server.net

# SocketType is either ip_comm, sockets or ssl.

SocketType ip_comm

# Modules: Server run-time plug-in modules written using the Erlang
# Web Server API (EWSAPI). The server API make it easy to add functionality
# to the server. Read more about EWSAPI in the Reference Manual.
# WARNING! Do not tamper with this directive unless you are familiar with
# EWSAPI.

Modules mod_alias mod_auth mod_esi mod_actions mod_cgi mod_responsecontrol mod_trace mod_range mod_head mod_dir mod_get mod_log mod_disk_log

# ServerAdmin: Your address, where problems with the server should be
# e-mailed.

ServerAdmin jocke@erix.ericsson.se

# ServerRoot: The directory the server's config, error, and log files
# are kept in

ServerRoot /var/tmp/server_root

# ErrorLog: The location of the error log file. If this does not start
# with /, ServerRoot is prepended to it.

ErrorLog logs/error_log

# TransferLog: The location of the transfer log file. If this does not
# start with /, ServerRoot is prepended to it.

TransferLog logs/access_log

# SecurityLog: The location of the security log file (mod_security required)
#
SecurityLog logs/security_log

# ErrorDiskLog: The location of the error log file. If this does not
# start with /, ServerRoot is prepended to it. This log file is managed
# with the disk_log module [See disk_log(3)]. The ErrorDiskLogSize directive
# takes two argument, i.e. MaxBytes and MaxFiles. The wrap log writes at most
# MaxBytes bytes on each file, and it uses MaxFiles files before it wraps, and
# truncates the first file.

ErrorDiskLog logs/error_disk_log
ErrorDiskLogSize 200000 10

# TransferDiskLog: The location of the transfer log file. If this does not
# start with /, ServerRoot is prepended to it. This log file is managed
# with the disk_log module [See disk_log(3)]. The TransferDiskLogSize directive
# takes two argument, i.e. MaxBytes and MaxFiles. The wrap log writes at most
# MaxBytes bytes on each file, and it uses MaxFiles files before it wraps, and
# truncates the first file.

TransferDiskLog logs/access_disk_log
TransferDiskLogSize 200000 10

# SecurityDiskLog: The location of the security log file. If this does not
# start with /, ServerRoot is prepended to it. This log file is managed
# with the disk_log module [See disk_log(3)]. The SecurityDiskLogSize directive
# takes two argument, i.e. MaxBytes and MaxFiles. The wrap log writes at most
# MaxBytes bytes on each file, and it uses MaxFiles files before it wraps, and
# truncates the first file.

SecurityDiskLog logs/security_disk_log
SecurityDiskLogSize 200000 10

# Limit on total number of servers running, i.e., limit on the number
# of clients who can simultaneously connect --- if this limit is ever
# reached, clients will be LOCKED OUT, so it should NOT BE SET TOO LOW.
# It is intended mainly as a brake to keep a runaway server from taking
# the server with it as it spirals down...

MaxClients 50

# KeepAlive set the flag for persistent connections. For peristent connections
# set KeepAlive to on. To use One request per connection set the flag to off
# Note: The value has changed since previous version of INETS.
KeepAlive on

# KeepAliveTimeout sets the number of seconds before a persistent connection
# times out and closes.
KeepAliveTimeout 10

# MaxKeepAliveRequests sets the number of seconds before a persistent connection
# times out and closes.
MaxKeepAliveRequests 10



# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.

DocumentRoot /var/tmp/server_root/htdocs

# DirectoryIndex: Name of the file or files to use as a pre-written HTML
# directory index.  Separate multiple entries with spaces.

DirectoryIndex index.html welcome.html

# DefaultType is the default MIME type for documents which the server
# cannot find the type of from filename extensions.

DefaultType text/plain

# Aliases: Add here as many aliases as you need (with no limit). The format is 
# Alias fakename realname

Alias /icons/ /var/tmp/server_root/icons/
Alias /pics/ /var/tmp/server_root/icons/

# ScriptAlias: This controls which directories contain server scripts.
# Format: ScriptAlias fakename realname

ScriptAlias /cgi-bin/ /var/tmp/server_root/cgi-bin/
ScriptAlias /htbin/ /var/tmp/server_root/cgi-bin/

# This directive adds an action, which will activate cgi-script when a
# file is requested using the method of method, which can be one of
# GET, POST and HEAD. It sends the URL and file path of the requested
# document using the standard CGI PATH_INFO and PATH_TRANSLATED
# environment variables.

#Script HEAD /cgi-bin/printenv.sh

# This directive adds an action, which will activate cgi-script when a
# file of content type mime-type is requested. It sends the URL and
# file path of the requested document using the standard CGI PATH_INFO
# and PATH_TRANSLATED environment variables.

#Action image/gif /cgi-bin/printenv.sh

# ErlScriptAlias: This specifies how "Erl" server scripts are called.
# Format: ErlScriptAlias fakename realname allowed_modules

ErlScriptAlias /down/erl httpd_example io

# EvalScriptAlias: This specifies how "Eval" server scripts are called.
# Format: EvalScriptAlias fakename realname allowed_modules

EvalScriptAlias /eval httpd_example io

# Point SSLCertificateFile at a PEM encoded certificate.

SSLCertificateFile /var/tmp/server_root/ssl/ssl_server.pem

# If the key is not combined with the certificate, use this directive to
# point at the key file.

SSLCertificateKeyFile /var/tmp/server_root/ssl/ssl_server.pem

# Set SSLVerifyClient to:
# 0 if no certicate is required
# 1 if the client may present a valid certificate
# 2 if the client must present a valid certificate
# 3 if the client may present a valid certificate but it is not required to
#   have a valid CA

SSLVerifyClient 0

# Each directory to which INETS has access, can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories). 

<Directory /var/tmp/server_root/htdocs/open>
AuthDBType plain
AuthName Open Area
AuthUserFile /var/tmp/server_root/auth/passwd
AuthGroupFile /var/tmp/server_root/auth/group
require user one Aladdin
</Directory>

<Directory /var/tmp/server_root/htdocs/secret>
AuthDBType plain
AuthName Secret Area
AuthUserFile /var/tmp/server_root/auth/passwd
AuthGroupFile /var/tmp/server_root/auth/group
require group group1 group2
</Directory>

<Directory /var/tmp/server_root/htdocs/secret/top_secret>
AuthDBType plain
AuthName Top Secret Area
AuthUserFile /var/tmp/server_root/auth/passwd
AuthGroupFile /var/tmp/server_root/auth/group
require group group3
</Directory>

<Directory /var/tmp/server_root/htdocs/mnesia_open>
AuthDBType mnesia
AuthName Open Area
require user one Aladdin
</Directory>

<Directory /var/tmp/server_root/htdocs/mnesia_secret>
AuthDBType mnesia
AuthName Secret Area
require group group1 group2
</Directory>

<Directory /var/tmp/server_root/htdocs/mnesia_secret/top_secret>
AuthDBType mnesia
AuthName Top Secret Area
require group group3
allow from 130.100.34 130.100.35
deny from 100.234.22.12 194.100.34.1 130.100.34.25
SecurityDataFile logs/security_data
SecurityMaxRetries 3
SecurityBlockTime 10
SecurityFailExpireTime 1
SecurityAuthTimeout 1
SecurityCallbackModule security_callback
</Directory>
